[9] RFR: 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources

Artem Smotrakov artem.smotrakov at oracle.com
Tue Sep 1 23:15:06 UTC 2015


Hello,

Please review this fix for 9.

Certpath validation fails to load certs and CRLs if AIA and CRLDP 
extensions point to LDAP resources. This happens because LDAPCertStore 
accepts only instances of LDAPCertStoreParameters and 
URICertStoreParameters classes, but 
sun.security.provider.certpath.URICertStore uses an inner static 
URICertStoreParameters class. Please see details in the bug.

This fix removes the URICertStore.URICertStoreParameters class, and updates 
URICertStore and DistributionPointFetcher to use the new 
java.security.cert.URICertStoreParameters class.

A regression test starts a local name service which logs requested host 
names. The test checks that host names from AIA and CRLDP extensions 
were loaded and requested to resolve during certpath validation.

Bug: https://bugs.openjdk.java.net/browse/JDK-8134708
Webrev: http://cr.openjdk.java.net/~asmotrak/8134708/webrev.01/

Artem
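
The type mismatch described in the message, as an added example that is not part of the original post or of the JDK sources: a nested class that shares the simple name `URICertStoreParameters` is still an unrelated type, so an `instanceof` check against the public `java.security.cert.URICertStoreParameters` (Java 9+) rejects it. The `ParamsMismatchDemo` class, its nested parameters class, the `accept` method and the LDAP URI are hypothetical stand-ins constructed for illustration.

```java
import java.net.URI;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertStoreParameters;
import java.security.cert.LDAPCertStoreParameters;

public class ParamsMismatchDemo {

    // Hypothetical stand-in for the inner static class the message describes:
    // same simple name as the public API class, but an unrelated type.
    static class URICertStoreParameters implements CertStoreParameters {
        final URI uri;
        URICertStoreParameters(URI uri) { this.uri = uri; }
        @Override public Object clone() { return new URICertStoreParameters(uri); }
    }

    // Hypothetical stand-in for a store that accepts only the two public
    // parameter types, as the message says LDAPCertStore does.
    static String accept(CertStoreParameters params)
            throws InvalidAlgorithmParameterException {
        if (params instanceof java.security.cert.URICertStoreParameters) {
            URI u = ((java.security.cert.URICertStoreParameters) params).getURI();
            return "uri:" + u.getHost();
        }
        if (params instanceof LDAPCertStoreParameters) {
            return "ldap:" + ((LDAPCertStoreParameters) params).getServerName();
        }
        throw new InvalidAlgorithmParameterException(
                "unsupported parameters: " + params.getClass().getName());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample URI of the kind an AIA or CRLDP extension may carry.
        URI aia = URI.create(
                "ldap://ldap.example.test/cn=CA,dc=example,dc=test?cACertificate;binary");

        // Public API types pass the check.
        System.out.println(accept(new java.security.cert.URICertStoreParameters(aia)));
        System.out.println(accept(new LDAPCertStoreParameters("ldap.example.test", 389)));

        // The nested look-alike is rejected, so nothing would be fetched.
        try {
            accept(new URICertStoreParameters(aia));
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```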